Posted
by
Unknown Lamer
on Tuesday February 07, 2012 @03:08AM
from the war-on-alzheimer's-patients dept.

wiedzmin writes "A Colorado woman that was ordered by a federal judge to decrypt her laptop hard-drive for police last month, appears to have forgotten her password. If she does not remember the password by month's end, as ordered, she could be held in contempt and jailed until she complies. It appears that bad memory is now a federal offense."
The article clarifies that her lawyer stated she may have forgotten the password; they haven't offered that as a defense in court yet.

Yep. Colossal blunder, that. Clinton should have simply said something akin to, "My sex life is personal, and thus is none of your fucking business. If you want to make political hay out of my personal life, find something criminal. Oh, wait. You already tried that, and failed, so how'z about we stop wasting the taxpayer's money on this shit. M'kay?"

Then again, he could have pointed out (if he'd known) the flaming irony of The Speaker of the House harping about morals while acting like a complete degenerate himself.

How can this woman be charged with contempt? Is there precedent in law to ignore the Fifth Amendment [wikipedia.org]?

No person shall... be compelled in any criminal case to be a witness against himself, nor be deprived of life, liberty, or property, without due process of law; nor shall private property be taken for public use, without just compensation.

Goddammit, I'm undoing my mods to post this since you're just blatantly misinformed - and I know you're not the only one. With the exception of a few highly restrictive states like California, New York, New Jersey, Massachusetts, Illinois, and the non-state of D.C., you can own pretty much anything you want (though due to the Hughes amendment, machine guns must be made prior to 1986). It's a common misconception that silencers, real assault rifles (meaning that you can select between semi-auto and full auto and / or burst fire), machine guns, explosives, rocket launchers, etc are illegal in the US. They're not, you simply have to jump through some hoops to get them, but if you can legally buy a gun, you can legally obtain an NFA (read: restricted) item just fine. It just requires more paperwork, a $200 fee to the ATF for a tax stamp certifying that you legally own the item, and waiting a few months for the ATF to drag their feet on processing the paperwork. Silencers are pretty cheap even - it depends on the caliber, but $800 is a pretty common price. Machine gun prices / real assault rifle prices are artificially inflated by the government though due to the post-1986 ban so a gun that should cost about $2,000 will end up costing more like $15,000 due to the artificial scarcity. Hopefully we can get that fixed one of these days....

Oh, as for "No one sane is going to take on anything with a semi-automatic rifle", the majority of the time the military doesn't even flip their rifles (well, usually carbines to be exact) to burst fire / full auto because it's very hard to control and you burn through your ammo a lot faster without being more effective. As for US citizens being able to fight back against the military? The US military has roughly 3 million soldiers (this counts desk jockeys and members of the reserve as well as the coast guard and national guard) and we'll round up and say 1 million police officers / federal agents (again, counting desk jockeys). The LOW estimate for the number of gun owners in the US is 40 million people with about 90 guns in private hands per 100 people in the country (that includes children), so not only is there a large abundance of weapons and ammo in private hands, but private citizens who own guns outnumber the police and military by around 10 to 1. Sure, they have tanks and bombers, but unless they REALLY wanted to destroy their own infrastructure and a lot of non-combatants on their own side, they wouldn't use them (because even if they won, the country would be totally FUBAR'd for decades).

Note: I'm not promoting or hoping for any conflict between citizens and the military - merely stating some facts regarding the number of people on each side (assuming gun owners all sided together) and how well equipped they are.

In any conflict of such an magnitude, where the US military is outnumbered, things like logistics, troop movements and proper command structure will play a MUCH more important role than what guns the each side has. You can't really argue that a rag-tag militia can compete with a trained army in these aspects.

You can't really argue that a rag-tag militia can compete with a trained army in these aspects.

You mean like the insurgents in Iraq who have killed about 5,000 US troops despite being out-gunned, out-numbered and not having the same training as our soldiers? You forget that many of the civilians in that "rag-tag militia" are also US military veterans and have the same training and even more combat exposure than many active duty soldiers. Many of our veterans have a hell of a lot more practical combat skills and experience than our police; the average infantry veteran is easily at the same level as a SWAT officer. In an open fighting, the police would get their asses kicked two ways to Sunday and back by armed veterans who meant business.

They don't need to "win." The US military isn't going to simply destroy its own entire nation to "win." There only needs to be enough resistance to force the government to significantly change policies, and that would be relatively easy given the level of armament in private hands.

They don't need to "win." The US military isn't going to simply destroy its own entire nation to "win." There only needs to be enough resistance to force the government to significantly change policies, and that would be relatively easy given the level of armament in private hands.

Also understand that the US military is made up of volunteer civilians. Sure, some in the US military will be willing to fire on US citizens, but I seriously doubt that number will be more than half. While I don't expect a lot of grunts shooting their officers, I would expect an awful lot to not return from guard duty.

In any armed uprising in the United States your bound to have many of those military and police on the side of those resisting the government. Having been in the military and know friends still in it, there is America and there is the Government. You serve the later versus foreign enemies, your serve the former at all times.

Nineteen hijackers and a couple of middle-aged rich kids with daddy issues managed to drag hundreds of thousands of highly-trained military personnel and a couple trillions dollars into a ten-year conflict that killed thousands of people, sent one country back to the stone age, destabilized another, and undermined the basic constitutional underpinnings of the most powerful country on Earth. And it still isn't even clear who "won." I don't think you can predict these sort of things based purely on the number of things or people on each side.

How can this woman be charged with contempt? Is there precedent in law to ignore the Fifth Amendment [wikipedia.org]?

I'm not entirely comfortable with the legal precedent of detaining people for refusing to disclose a password. At the same time I can appreciate that providing a password is not, in and of itself, providing witness against himself. The password is in all senses bar existing as a physical object analogous to a key. If a court can require someone to provide a key then it should be able to requi

That depends how broad you think the 5th amendment is. To quote Justice Stevens:

A defendant can be compelled to produce material evidence that is incriminating. Fingerprints, blood samples, voice exemplars, handwriting specimens, or other items of physical evidence may be extracted from a defendant against his will. But can he be compelled to use his mind to assist the prosecution in convicting him of a crime? I think not. He may in some cases be forced to surrender a key to a strongbox containing incriminating documents, but I do not believe he can be compelled to reveal the combination to his wall safe - by word or deed.

Note that this is from the dissenting opinion in Doe vs US, where the suspect was compelled to sign a form - that in itself contained no factual information - requesting information from foreign banks of any accounts he may be the holder of. The court found that they could, just like they could compel you to provide a handwriting sample.

As for a password, the best idea would be to STFU completely because:

The issue presented in those cases was whether the act of producing subpoenaed documents, not itself the making of a statement, might nonetheless have some protected testimonial aspects. The Court concluded that the act of production could constitute protected testimonial communication, because it might entail implicit statements of fact: by producing documents in compliance with a subpoena, the witness would admit that the papers existed, were in his possession or control, and were authentic. (...) Thus, the Court made clear that the Fifth Amendment privilege against self-incrimination applies to acts that imply assertions of fact.

So unless you acknowledge that you're in (sole or not sole) possession of the password, as this woman apparently did, that in itself will have testimonial value. Even if the prosecution has ample evidence for that anyway, you should be able to invoke the 5th. In this case she may have seriously screwed herself there. If there's no testimonial value, there's not much precedent to say one way or the other. Oh yeah, and don't try to destroy any evidence with booby traps. In the search I found that the SOX act was used in a suspected child porn case:

Whoever knowingly alters, destroys, mutilates, conceals, covers up, falsifies, or makes a false entry in any record, document, or tangible object with the intent to impede, obstruct, or influence the investigation or proper administration of any matter within the jurisdiction of any department or agency of the United States (...)

Limited to the SOX act? Nope. Destroy evidence and you get up to 20 years in jail. Of course it helps that he stupid fuck admitted to destroying his HDD after the cops came by the first time, but just goes to prove laws will be cross-applied everywhere they can.

* She isn't testifying in court, so she is not a witness against herself* Any life, liberty, or property of which she is deprived is explicitly by due process of law* Her property is not being taken for public use

I think the problem might be that you don't understand your rights. You should read up! Your rights are very important, and you should understand them.

They can order you to turn over documents, sure. If you don't, do they actually hold you in contempt while they start executing search warrants? I would have figured that the 5th would preclude requiring any active participation against yourself. (But then, that's just common sense. Lawyers have no need of that.)

You are required to turn over documents, and can be held in contempt for refusing. But, of course, the prosecution has to prove you actually have the documents. If you say you lost them, and they can't prove you didn't, they can't hold you in contempt. To my thinking, the same should apply to decryption passwords. I know I'd hate to have my freedom hang on my ability to remember a password.

A search warrant does not require participation of the defendant. Neither would them cracking the encryption. It crossed the line into a constitutional violation when you begin to threaten people for not aiding their own prosecution: such as requiring someone to disclose the location of incriminating documents, or giving up passwords to encryption keys.

This is little different than demanding that someone accused of a murder disclose the location of the body, or be held in contempt of court: you cannot win either way. Therefore, it is unconstitutional, not a "legitimate legal process." Even were it considered such by the legal system - which it is not - it would still be unconstitutional and a violation of civil rights in need of correction.

You might consider it reasonable, but I think the fact it is possible to easily forget something like a password makes it unreasonable even if there were any sound arguments for violating the 5th.

No, if they could prove that you knew the password, you could be held in contempt. When you are in court, you are required to present requested evidence. For example, if they know you have the body, you can be compelled to present it. Of course, if they knew you had it, that'd mean they knew where it was, so they wouldn't need to ask for it.

A better analogy would be legal documents which were lost. They knew you had them at one time, but how can they really prove you still have them? Obviously, you can't produce something if you are no longer in possession of it, and they can't hold you in contempt for that.

Yes, but due process includes requiring that the evidence subpoenaed exists and is under the control of the recipient. People forget things all the time. Just ask any helldesk person how frequently people forget passwords, even in cases where they have been duly informed that irrevocable data loss will result. If you've forgotten it, it is not under your control.

There exists no way to prove or disprove a claim that a person does not currently remember something. Even the most advanced (and unproven, non-admissible) technology only claims to be able to say if a person is familiar with something they are actually presented with during the test. Even then we can't say WHY it seems familiar. Given that stress and fear are great blockers of recall, it's quite believable.

I have no idea if the defendant REALLY can't remember the password or not. The only person who could possibly know for sure is the defendant.

This is not a matter of "producing" the documents -- the prosecution has them, in the form of an encrypted hard drive. This is a matter of helping the prosecution decypher the documents.

To put it another way, suppose there were only two possible documents on the hard drive, one incriminating, the other exonerating. Given only ciphertext for one of those documents, the prosecution cannot say which document was encrypted. Given ciphertext plus a passphrase, the prosecution can make a case that it was the incriminating document (assuming it was). Demanding the passphrase from the defendant is like demanding the defendant explain difficult to understand parts of the document, which is unquestionably demanding that the defendant testify against themselves.

Oh wait, it is involves super-duper-secret-spy-stuff (cryptography) and magical computers, so we are supposed to dispense with logic and rely only on bad metaphors that help the prosecution's case. That poor, poor prosecutor, whose case is weak without violating the fifth amendment.

I often can't remember my password after a week away from the office on holiday. (And we have quite lax policies regarding passwords, no time, lenght or content limits, so I have a fairly easy one I've been using for months....) I might be hard pressed to remember a password after a month, under dures.s

In the UK it works like this: If the prosecution can show that you probably know the password then you can go to jail for up to two years for refusing to give it. The burden of proof appears to be lower than the usual "beyond reasonable doubt" that is normally required, and evidence can be highly circumstantial. For example if you decrypted the data the day before you get arrested they could say you must know it, even if you happened to wipe the key or change the password or just genuinely forgot since. Justice is slow in the UK so it could easily be 6+ months before you are even asked.

The stupidest part is that going to jail for two years and having the conviction expire (so you no longer have to declare it when applying for a job) after a few more years is infinitely preferable to, say, going down for 20 years on terrorism or being put on the Sex Offenders Register for life. It seems almost like a conciliation prize for the police when they have failed to gather any other evidence and would otherwise have to let the suspect go.

Depending on the type and method of encryption, she could say "Do you know when the last time I needed to know that password was? The last time some asshole law enforcement agency decided to rip the drive out of my laptop and gain unlawful and unjustified access to the data therein!"

Well, usually you're innocent until proven guilty, so I guess they'd have to proof you didn't forget and are actually withholding it.

"Innocent until proven guilty" is all about how court cases are run. There is more than "innocent until proven guilty", there is also the fact that the police has to tell you about your rights, that they can't do illegal searches, and on the other hand that you have to cooperate in searches - which this woman is refusing to do. And there are rules what happens when someone acts against the court rules. Jurors can be jailed in extreme cases. Evidence can be thrown out. And _you_ can go to jail for "contempt of court". There are different rules applying.

Now the fact is that this is her computer, which she used daily for the scam she was running, and which she encrypted to cover her tracks. Forgetting the password seems unlikely.

If I were in her shoes, I'd claim the same thing. However, this is just going to be a justification for when technology let's "the man" truly read your mind to say there was just cause to do so in order to determine whether she really forgot or just pretended to and all the crazy ethical questions/arguments/fights that will ensue. These days I'm doubting ethics and philosophy can possibly keep up with the pace of technology. I hope I'm wrong!

...you should put all the juicy stuff in plain sight on your harddisk. Then encrypt the stuff you don't care about. When the authorities finally get the password out of you, at least you'll have the satisfaction of confounding them.

Let me ask this (and display my ignorance): If I had a safe and a judge ordered it opened, and I claimed I'd lost the key, would I be held in contempt? Or would it just be forced open? Would this ever see the courtroom at all? Can lawful seizure require active participation of the accused?

If I claim to no longer be in possession of a piece of evidence, and don't know were it is, could I be held in contempt? Couldn't I plead the fifth? "You want to convict me? You go find it."

I'm trying to figure out the stare decisis on this topic (equal and consistent application of the law). It just seems so darn inconsistent.

What if I build a $50 million safe with walls as thick as a normal house, a hundred different lock mechanisms and all sorts of thinkable measures to protect its content to the point where you would need to pour insane amounts of resources (costing along the lines of the cost of a supercomputer or two) to get into it. Would that mean I should suddenly be held in contempt by default if I forget how to access my safe's contents?

Ok, I'll approach the issue from a different direction then. Can a defendant be ordered to take the stand in any case? If the prosecutor wished to establish a timeline, could they force the defendant to testify about events surrounding the crime? Wouldn't anything the prosecutor asked potentially make the defendant "witness against himself"? Is there any question on the stand that a defendant can't plead the fifth to, because it undoubtedly would be used as testimony against him?

Unless you can find a significant exception to the above (and explain it), how can that not extend to criminal discovery? How can someone be compelled to tell a cop where they buy their ammo? Stored their gun? Provide financial records? Can't all of that wind up in court as testimony against you? How can the fifth possibly not apply pre-trial?

If you're still with me, how can a defendant ever be compelled to act against himself in a criminal proceeding? I can see how he might be cajoled or enticed... but court ordered? The very premise seems unconstitutional to me.

No it does not. This is a situation where metaphors must absolutely be avoided to protect our rights. Encrypting a document is not the same thing as putting a document in a safe; encrypting a document is encoding it so that the secret key is required for decoding. By demanding the secret key from the defendant, the prosecution is demanding that the defendant tell them how the document should be interpreted. Indeed, one only needs to examine one of the most basic security definitions -- ciphertext indistinguishability -- to see why this is the case (the prosecution cannot show that the ciphertext is an encoding of an incriminating document and not an exonerating document if the cipher meets the indistinguishability definition).

What we are seeing is new technology being used as a justification for undoing our civil rights.

The concept of innocent until proven guilty is widely misunderstood. It is the obligation of the jury to presume innocence. Nobody else. Not the prosecution. Not the police. Not the accuser. If it were their obligation, nobody would be charged with anything ever.

she revealed that she, and only she, knew the password to the hard drive over the phone. so her claims she "forgot" are not very plausible. if she hadn't done that, i seriously doubt she would be in this predicament.

Unfortunately The Man can trample all over your rights so long as the judicial branch agrees that the executive is following the intention of the legislative. I am curious, though, about the "smart chip" in my bank card. If I enter my PIN incorrectly three times it locks itself permanently and requires that I get a new card and a new PIN--a security feature (that prevents the banks from losing money). Assuming that The Man says I have to fork over my password--Bill of Rights be damned--if my hard drive encryption has the same "security feature" e.g., after three incorrect tries it eats the private key and renders the drive non-decryptable, can I then be charged with a crime for accidentally (which of course I can't prove) entering the wrong password three times? What if the Feds try a dictionary attack and trigger the three tries before even asking for the password? The information on the drive is completely lost, so holding me in contempt accomplishes nothing, but in the first case I "destroyed evidence" and in the second I basically conspired to destroy evidence, right? Without the evidence, they cannot convict me of the original crime, but would the sentence for destroying evidence (or obstructing justice or whatever) scale with the severity of the alleged crime?

...so if they throw her in jail for contempt, then doesn't the likelihood of her being able to remember the password decrease over the time of her incarceration, and with it, her ability to comply with the judges orders? If she rides it out for a few months, then isn't her inability to recall her password more credible?
I think what this case demonstrates, is the need for a duress password. Enter it and bam. Unrecoverably locked. Then it would be for the prosecution to prove that you deliberately destroyed evidence.

If I really had something to hide, I'd use key files on a very old USB dongle (128 MB dongle or so). Truecrypt and Bitlocker support this. Then police will most likely raid your house during this whole action. But even if not, when asked to provide the key I'd simply say "this was in a USB dongle. It was laying on my table, so now you tell me where you've put it after messing up my whole house". Or "I had it with me and after my spontaneous arrest I had no idea where you made me forget it". Police might eventually find the donlge, but if they ask what that is, I'd say "that was some old key, no idea for what or what the decryption password is. The key you are looking for was on a new dongle.

Thing is, it is easy to doubt that you know something. But you can get naked and show that you don't have anything hidden between your legs.

And when the filesystem history of your PC shows logs of you inserting that serial-numbered USB key into your PC last week, and using filesystem encryption tools to access it? And sure, you can combat that, but there's always another way to get caught out that you might not have considered. Hell, they can probably tell you the last time you touched the device itself, or inserted it, and into what computer you inserted it by various bog-standard forensic evidence (scratches on the USB connector, fingerprints, etc.).

You don't even know if they haven't been *watching* you insert that USB key by that point (and if they've raided you, there's a good chance they *have* been watching first). They won't tell you that until AFTER you've already denied ever knowing where it was. You've just stamped "guilty" on your own head by being a smartarse.

You can be a smartarse if you really want to, but nothing in the world is clever enough to stop "reasonable doubt" when you play games like that, especially if you're that confrontational. All that will do is make them WANT to put you away rather than plant doubt in their heads.

After a police raid, they'll just have all your possessions. Sure, it'll take a while to catalogue them all but they will. They actually have to. Not only that, they'll know the serial number of every one and maybe even the purchase origin. While you're sitting in an interview room being a smartarse, they're sending out court orders based on your PC and ISP evidence and forensically recording your Slashdot comments (and the above, in the wrong context, could be enough to convict you even in ten years time if that DOES happen!).

You missed the whole point of the article - the US, and the UK, have laws that if they even THINK you really have the key and haven't forgotten it, they'll throw you in a cell until you remember. Be as smart-arse as you like but people have already been convicted and jailed over it because of "reasonable doubt" that they weren't innocent. The law is there, it's written, it's enforceable (whether it's SENSIBLE is another matter and one that takes decades to argue in court) and if they suspect for a moment that you're being a smartarse, they'll use it.

This is how the law works. If you're stopped by a policeman in the UK, he'll pay you zero attention if you're polite, genuine, "I know, officer, I was speeding. It's a fair cop." about it. Start being pricky towards them for no reason and they'll have you for your tyre wear, the rear light, the slightly-covered number plate, look up your insurance, your license, run a check on your name, look through the car for anything you shouldn't have, etc.

It has to be said that it's not an unsuccessful method of law enforcement and anyone with brain enough to be respectful and polite and co-operative will "get away" with things that the idiots who's taking their badge number and threatening them won't. The same applies from the police up to the courts. Hire a good lawyer, be co-operative and polite, play by the rules and you'll get the best result. Be pricky about it and they'll do what they can to dig deeper and inconvenience you.

I can think of ways you could reasonably consider to have good reason to have lots of encrypted USB sticks about that you don't know the passwords too. But being the smartarse will end up with you in jail, whether you "did" anything or not. You can argue about it as much as you like but if the judge takes a dislike to your attitude or methods, they'll put you away at least until your successful appeal.

What do you do? You provide all the information you have and be as co-operative as possible. Why? The laws on that are worded so that co-operation is the better of the two options so that you're *forced* to co-operate or go to jail.

You can argue about self-incrimination, free-speech, etc. afterwards - when the judge KNOWS that you've been 100% co-operative. You can still have evidence stricken, ask for a mis-trial, appeal, etc. but you've been co-ope

You can argue about self-incrimination, free-speech, etc. afterwards - when the judge KNOWS that you've been 100% co-operative. You can still have evidence stricken, ask for a mis-trial, appeal, etc. but you've been co-operative and had nothing to hide so when they *DO* find a USB stick that you've never seen before and are demanded to decrypt it, you are much more likely to make them think "Damn, he gave us all the others, even when it incriminated him - maybe he really *doesn't* know this one?".

As long as you've been read your rights, pretty much anything short of a confession at gunpoint is forever. You'll never manage to "undo" anything you've said to the police or in court and everything that tumbled out because you gave them access to everything you know and have will be fully legally admissible. Your whole argument revolves around your belief that they'll actually think you innocent, and not just "well we couldn't convict him on what we wanted, but we can slam him with everything we got".

If they for some fucked up reason think you're involved in terrorism or kiddie porn or organized crime or whatever, do you think that suspicion will go away because you "give" them petty software piracy and having a joint? No, you just handed them enough rope to hang yourself with. That said, yes being a smart ass and trying for a game of wits with the police is a very bad idea, as is getting rude and obnoxious. Politely decline any search without a warrant and that you would not like to answer questions without a lawyer present. Most people just make a bigger mess of everything trying to "prove their innocence" as you seem to suggest.

What do you do? You provide all the information you have and be as co-operative as possible. Why? The laws on that are worded so that co-operation is the better of the two options so that you're *forced* to co-operate or go to jail.

I agree that you should be polite and co-operate with the letter of the law, but it's also important to reveal as little information as possible. Even innocuous information can be twisted against you. A prosecutor won't think "Well, this guy was so co-operative and revealed potentially incriminating information he didn't have to, so he's probably innocent." The prosecutor'll think "This information the suspect gave me might convince the jury to convict him." It's a prosecutor's job to prosecute if there's chance of a guilty verdict, and he/she won't mention to the jury you were such a nice guy and revealed something you didn't need to.

I am innocent of the allegations.But my HD contains files which might incriminate me in ways not covered by the claims of prosecution.By giving the password, I would open myself to prosecution on issues the prosecutor has no clue about.Therefore I refuse confession that would cause self-incrimination.

The laptop was seized in 2010, the order to decrypt is from 2012. I have passwords long enough that I will have trouble remembering them after 2-3 months of not using them. (Happens very rarely.) Not using them for over a year could well make me unable to remember them at all. So I would consider this a real possibility. Not absolute certain, of course, but credible enough that asserting she does still know the password after not having used it for this long would be an unfair disadvantage to her, as she fundamentally cannot prove she does not remember it.

Now the way around this for future cases is key-escrow or requiring everybody to write down their passwords, with the attached huge negative effects. In any sane legislation you can just refuse to give a password. I am amazed that in the self-proclaimed "land of the free" this does not seem to be the case and hope this will just turn out to be a judge that does not understand the issue and will get fixed permanently by a higher court.

Currently I don't have something, which really need encryption. However, should it ever be necessary I'd modify after each use the timestamps so it looks like the container was last accessed years ago. Within sensible limits, of course. It would be much more believable to have forgotten a password, when the last access was several month ago than when the timestamps says it was accessed last week or even yesterday.

Well I'm glad that you released your brilliant plan on a public forum where said law enforcement agents surely wouldn't look.

Maybe he wants law enforcement to think those are just "honey-pots" so they don't try too hard to get at the content.

If more people are doing that and the law enforcement agents are meeting more of HD with such files, how are they (law enforcement agents) going to know which files are honey-pots and which files have real juicy data in them ?

I apologize if I'm being slow, but I'm stuck on how the note saying, "I derived my password from material I once got from these 10 sources" is the same as producing the passphrase demanded in a court order.

I mean, otherwise wouldn't the defendant in the article here say, "I know it was 120 characters selected at random from War and Peace", and call it a day? Because I'm getting the sense that an answer like that wouldn't cut it.

Your premise is ridiculous, as the court can reasonably assume that you intended to use said encrypted file, and thus pointing to random password generators for the password doesn't cut it because *you* need the password set to use it. Your solution doesn't accomplish anything other than looking stupid here and probably getting your arse handed to you by a judge.

If you are willing to take the legal ramifications for your "honeypot", then go for it, but don't expect a judge to accept your claim as true and leave you alone.

In all of these cases that I have seen, the court always stresses that they are NOT asking for the passphrase. They always make this very clear. They always stress that they are NOT compelling the accused to provide their passphrase, but that they are compelling the accused to provide an (allegedly existent) unencrypted copy of the (alleged) ciphertext on the hard drive.

I don't understand the legal ramifications of asking for the passkey versus asking for the (alleged) unencrypted data, but IANAL. Maybe they think that the passkey encrypts other data besides the data they are interested in, and so asking for the passkey is a stricter requirement than asking for the plain text. I dunno.

You're either a troll or an idiot. 'Legally speaking' the judge can hold you in civil contempt if they believe you know the password and refuse to disclose it. Given that there is no point encrypting a file using the method you describe they're unlikely to believe you're telling the truth, and as you can't PROVE (for future reference it isn't proof) you don't know it you're pretty well fucked. Just because you created a file with 'instructions' doesn't mean that the judge is going to believe that is actually how you created the password.

'Legally speaking' the judge can hold you in civil contempt if they believe you know the password and refuse to disclose it.

Exactly. Judges have almost no oversight in their ability to use civil contempt. If he doesn't like you, he can throw you in jail for as long as he likes and you have no recourse.

This is a problem, whether we're talking about encryption or baggy pants in court. Jugdes have way too much power. Civil contempt is an end run around our constitutional protections and should be abolished.

B. By providing a plain-text-file with a clear description of where I got the parts of the passwords from, I am, legally speaking, not withholding anything.

Producing information on how you derived the original password to encrypt the file is not the same as producing the password. The judge is asking you for the password, not for how you derived the password - by playing stupid games like that you are likely to end up in jail for contempt pretty quickly.

This wouldn't fly in the UK (under Part III of the Regulation of Investigatory Powers Act (RIPA)).You forgot? Tough.You used some honey-pot ruse like this? Tough.Either you give the key/passphrase to decrypt the file when requested or go to jail. End of discussion.

Sounds like the USA is trying to bring in similar measures via precedent.

We encrypted our employee laptops with truecrypt. The passwords where 10 character and phonetic. I wrote a small database program that allowed us to keep the recovery iso and the password stored for every laptop in case of a problem. We also required them to physically see us to get their password if it was lost.

After about 6 months of constant streams of people coming in to get their password, suddenly people stopped asking. A week later we started finding passwords taped to the bottom of every laptop we were servicing.

So in a nut shell 300 people can't remember passwords that are not their wives names, birth dates, or the name of a pet.

So in the unlikely (?) event that the FBI want to search your hard drive, you've encrypted a non-sensitive file with a key you don't know because...you like prison food? Communal showering? Room mates named Tiny?

In short, your defence when the judge is threatening to find you in contempt will be 'What can I say, your honor? I'm a retard.'

The punishment for contempt is open ended, and can be whatever the judge wishes. Its already been mentioned, but here is the case of a man jailed for 15 years on contempt of court, based solely on testimony from his ex-wife: https://en.wikipedia.org/wiki/H._Beatty_Chadwick [wikipedia.org]

2.... But they can't prove either that you didn't forget it. Fuck it was a long password and the Masked grunts startled it out of my Head. Justice works based on PROOF not on beliefs. No proof No crime.

Not any more. You prove your innocence or you are a goddam dirty terrorist.

Your response gives me a chilling effect.If I want to fill a HDD with random data then I should be able to. It doesn't mean I am a criminal. Nor should it mean that a judge can lock me away for decades.

I have pondered this problem for some time.

Let's say you have a couple of HDD filled with random data, and several large files which are random data, and quite a few medium and small files which are.. random data.

Add to this that if these are truecrypt volumes, then they all have hidden volumes, but not all have files in them, and some will be literally random data.. not encrypted volumes at all.

What can they do? Force you to decrypt hard drives full of random data files which may or may not be valid encrypted volumes?

Force you to decrypt each and every single file which appears in some way to be an encrypted container - regardless if it is actually an encrypted container or not?

If this is the case, then you may as well encrypt and offsite store everything important or have a method for complete concealment so they can't see the files at all. Rubberhose file system or similar perhaps..

Meanwhile, anyone stupid enough to steal my files (thieves, police, or otherwise) can spend all the time they like trying to break into what appears to be encrypted files. If they are lucky, perhaps they will find a file which actually may possibly be an encrypted container and for which may actually have legitimate files in it. I wouldn't count on it though.

The $5 wrench can't work when the files have no key.Yes, my head will hurt. Price you pay for sticking up for your rights.

If they want to break into my files then they can dedicate the processing time required to do so. Otherwise, the data is private; bugger off.If they can't get in then it's not my problem. I am willing to 'rot in jail' to prove this point... even if the only outcome is that you can go on living your life without this hassle.

If this stands it means that anyone can be detained indefinitely without trial. All they have to say is "We believe this file is encrypted using stenography, give us the password" and since saying you don't know equals contempt of court tada! Instant disappearing person. Hell with most geeks they wouldn't even have to go that far, how many of you have truecrypt on some disc somewhere? all they'd have to say is "The defendant has truecrypt in his possession and we believe he has a hidden volume, give us the password' and tada! Bye bye geek. don't say it couldn't happen because it wasn't too long ago most of us would have never believed the USA would have free speech zones and rendition taxis either.

Kinda sad that after we spent all those years supposedly fighting the USSR because of freedom the wall falls only for us to slowly but surely become like the USSR.

Don't this implicate that police now can jail anyone as they like? Just generate a random file and demand that the accused shall provide a "decyption key". If not they can be held and jailed for contempt?

1. It is and always was possible for a police officer to be a criminal, and a criminal police officer could always forge evidence against you. Nothing new.

2. The police would not only have to generate a random file, they would also have to convince a judge to give them a warrant with a good reason to search that particular file; a concrete reason why it would be likely that this file holds evidence. And the reason would have to be good enough not only to convince the judge who signs the warrant, but also